package com.topone.permission.sercurity.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import com.topone.permission.sercurity.service.MyAccessDeniedHandler;
import com.topone.permission.sercurity.service.MyAuthenticationEntryPoint;
import com.topone.permission.sercurity.service.MyAuthenticationFailureHandler;
import com.topone.permission.sercurity.service.MyAuthenticationSuccessHandler;
import com.topone.permission.sercurity.service.MyLogoutSuccessHandler;
import com.topone.permission.sercurity.service.MySessionInformationExpiredStrategy;
import com.topone.permission.sercurity.service.UserDetailsServiceImpl;


/**
 * 认证和权限配置类
 * @author XiaZhentao
 * @date 2018年12月1日
 */
@Configuration
	@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	UserDetailsServiceImpl userDetailsServiceImpl;
	
	@Autowired
	MyAuthenticationFailureHandler myAuthenticationFailureHandler;
	
	@Autowired
	MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;
	
	
	@Autowired
	MyAccessDeniedHandler myAccessDeniedHandler;
	
	@Autowired
	MyAuthenticationEntryPoint myAuthenticationEntryPoint;
	
	@Autowired
	MySessionInformationExpiredStrategy mySessionInformationExpiredStrategy;
	
	@Autowired
	MyLogoutSuccessHandler myLogoutSuccessHandler;
	
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        		.csrf().disable()
        		.headers().frameOptions().disable().and()
        		.exceptionHandling().accessDeniedHandler(myAccessDeniedHandler)
          	  	.authenticationEntryPoint(myAuthenticationEntryPoint)
          	  	.and()
                .formLogin()
                .successHandler(myAuthenticationSuccessHandler)
                .failureHandler(myAuthenticationFailureHandler)
                .loginProcessingUrl("/login")//登录URL
          	  	.usernameParameter("username")
          	  	.passwordParameter("password")
                .permitAll() //登录页面用户任意访问
                .and()
                .logout()
                .logoutUrl("/logot")//退出URL
                .logoutSuccessHandler(myLogoutSuccessHandler)
                .permitAll()//注销行为任意访问
                .and()
                .authorizeRequests().antMatchers("/**").permitAll()
                .antMatchers("/sysuser/test").hasAuthority("ROLE_test")//要加前缀ROLE_
                .antMatchers("/sysuser/test1").hasAuthority("ROLE_test11")
                .antMatchers("/seller/bussiness/list").hasAuthority("ROLE_brand_list")//要加前缀ROLE_
                .antMatchers("/seller/bussiness/save").hasAuthority("ROLE_brand_create")
                .anyRequest().authenticated()//任何请求,登录后可以访问
                .and().sessionManagement()
           	 	.maximumSessions(2)
           	 	.expiredSessionStrategy(mySessionInformationExpiredStrategy);
    }

	@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		
    	auth.authenticationProvider(getDaoAuthenticationProvider());
    }
    
    
    @Bean    
    public DaoAuthenticationProvider getDaoAuthenticationProvider() {     
    	DaoAuthenticationProvider provider = new DaoAuthenticationProvider();     
    	provider.setUserDetailsService(userDetailsServiceImpl);         
    	provider.setHideUserNotFoundExceptions(false);        
    	provider.setPasswordEncoder(new BCryptPasswordEncoder());       
    	return provider;    
    }

}